Air gapping is a security measure that involves isolating a computer from an external connection. For example, an air gapped computer is one that is physically segregated and incapable of connecting wirelessly or physically with other computers or network devices. Air gapped systems and networks are used to protect many types of critical systems, such as those utilized in industries including financial, military, government, utility facilities, and the like.
Preventing a computer or a network from accessing an external network significantly limits the productivity of users using such a computer or network. For example, an application executed on an “air gapped” computer cannot access any resource over the Internet. To do so, the user would need to use a different computer having access to the Internet.
In the related art, there are a number of solutions attempting to isolate different computing environments on a single computer. However, such solutions do not provide a complete air gapping architecture. Furthermore, such solutions often suffer from user experience issues.
As a prime example, some isolation solutions are based on virtual machine (VM) technologies. That is, VMs are containers in which applications and guest operating systems can be executed. By design, all VMs are isolated from one another. This isolation enables multiple virtual machines to run securely while sharing hardware.
Although virtual machines share hardware (e.g., CPU, memory, and I/O devices, etc.), a guest operating system running on an individual virtual machine cannot detect any device other than the virtual devices made available to the guest operating system. In various virtualization environments, a hypervisor acts as an interface between the guest operating system and the host operating system for some or all of the functions of the guests. A host operating system directly interacts with the hardware. A host operating system may be Windows®, Linux®, and the like.
Endpoints (e.g., desktop or laptop computer) configured with VM isolation do not provide a complete defense against malicious code. One vulnerability point in such virtualization environments is the host operating system. That is, hackers can exploit security vulnerabilities integrated in such operating systems to propagate malicious code to the hypervisors and then to the guest operating systems. Further, a user can install malicious software directly on the host operating systems (i.e., outside of the virtualization environment). To prevent users from installing software directly on the host operating system, such an operating system should be restricted. However, such an approach limits the user experience, as the user cannot install applications, plug-ins, change settings, and so on, with a restricted operating system.
Other isolation solutions are based on the sandboxing of critical applications executed on an endpoint. The sandboxing is achieved by running each application in a separate VM. However, this isolation can also be penetrated by hackers, as the sandboxed applications are often executed over a vulnerable host operating system which is controlled by the user and has a wide attack surface.
Another isolation solution is based on separating any browsing activity from the endpoint to eliminate malware and phishing from websites and emails. In such solutions, the browser is executed in a VM in a cloud computing platform, where all webpages are rendered in the cloud and sent to the endpoint for display therein. This solution does not defend from other applications executed in a typical endpoint. Further, such solution does not prevent a user from installing malicious software on the endpoint.
In all of the above-mentioned solutions a vulnerable point is the access to an external network (e.g., the Internet). If such network access is not controlled, the malware can be downloaded to the endpoint. Once executed on the endpoint, the malware can act as a bot and communicate with a command-and-control server, send data to an external source, and so on. Therefore, as isolation solutions still demonstrate network vulnerabilities, such solutions cannot provide a complete air-gapped endpoint.
It would therefore be advantageous to provide a solution that would overcome the deficiencies noted above.